Amazon Launch Checklist
Security checks across static analysis, malware telemetry, and agentic risk
Overview
This appears to be a benign Amazon listing audit checklist, with noteworthy local saving and memory behavior for launch data.
This skill is reasonable for pasted Amazon launch planning data. Before installing, be comfortable with it saving audit outputs under ~/amazon-launch/, avoid pasting credentials or Seller Central secrets, and review any proposed Bash/file actions before allowing them.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If the agent uses Bash, it may be able to create or modify local files; the provided instructions only support this for local workspace saving.
The skill grants shell access even though its main function is advisory. The provided artifacts do not show unsafe commands, but Bash is broader than simple checklist analysis.
allowed-tools: Bash
Allow shell use only for expected workspace operations, and be cautious if the skill suggests commands outside ~/amazon-launch/ or unrelated to launch auditing.
Saved launch notes and prior audit results may persist across sessions and affect later recommendations.
The skill discloses persistent local storage for launch history and brand/category context, which could influence future audits and may contain confidential business information.
Creates `~/amazon-launch/` containing: ... `memory.md` — brand notes, category benchmarks, previous launches
Review saved files periodically, avoid storing confidential information unless needed, and delete or edit memory.md if it contains outdated or sensitive launch assumptions.